The 5.2.4 WordPress security release fixes 6 security issues
– stored XSS (cross-site scripting) could be added via the Customizer.
– method of viewing unauthenticated posts.
– a method to poison the cache of JSON GET requests via the Vary: Origin header.
– discovered issues related to referrer validation in the admin.
Remember if you find a WordPress security issue you should privately disclose the vulnerabilities
WordPress 5.2.4 is a short-cycle security release. The next major release will be version 5.3.
You can download WordPress 5.2.4 or visit
Dashboard → Updates and click
Update Now. Sites that support automatic background updates have already started to update automatically.
Re-blogged from the official WordPress blog here
As always all of our customers are protected from all the above security bugs, as all of the WordPress Core installations running on our platform are the latest. In case you have any issues, please send us a message at support[at]wordpress-managment.com